Hi,
I've been battling with this the whole day (And now I lost my post...)
I can't get the Ban List on the WWW Proxy to work. I have now uninstalled wingate and re-installed it starting fresh.
So, with no settings configured I did just this:
* Disabled DNS and DHCP, controlled by Domain Server
* I have set up the users, and use Assumed Users by IP Address for authentication. It does show the users correctly.
* I then went to Users -> System Policies, and added a new policy for everyone, restricted only by time.
* Then went to Services -> WWW Proxy Server -> Policies
I then added a new policy for everyone, with Default Rights="are ignored"
I then added to the Ban List : HTTP URL contains "facebook"
That's it. Why does it not work
I have spend the entire day reading up on this and struggling with this. Just can't get it working. Will now have to redo all the other settings that was working.
Please help
THANKS !!!
Ban List not working
Moderator: Qbik Staff
8 posts
• Page 1 of 1
Re: Ban List not working
by adrien » Mar 02 11 6:45 am
Hi Dirk
the key to banlists in WinGate 6 is that they are exclusions to the granting of a right.
If any other grant of a right grants access, then the banlist will not be effective.
This is because all the "recipients" are combined using logical OR (you can think of as plus). E.g. if you have
* user can see only certain sites (not in banlist)
plus
* user can see anything
then the user can see anything.
So you need to check that no other policy settings are granting unrestricted access, or access to these sites you're trying to ban.
Regards
Adrien
the key to banlists in WinGate 6 is that they are exclusions to the granting of a right.
If any other grant of a right grants access, then the banlist will not be effective.
This is because all the "recipients" are combined using logical OR (you can think of as plus). E.g. if you have
* user can see only certain sites (not in banlist)
plus
* user can see anything
then the user can see anything.
So you need to check that no other policy settings are granting unrestricted access, or access to these sites you're trying to ban.
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: Ban List not working
by Dirk L » Mar 02 11 8:36 am
Hi,
Thanks for the reply. I spend the entire day reading up and I saw that is how it's working. So I took away all other Policies. And then when that did not work, I uninstalled and re-installed the program, like I mentioned in my first post.
Please refer to my first post, where I have detailed exactly the ONLY steps I have taken. You will see I did not give access in any other policy, except the system policy, but on the Proxy Policy I did set it to Default Rights="are ignored", so it should still be blocked by the Proxy Policy.
Please read my first post, I explained it there.
Thanks for the quick reply
Regards
Dirk
Thanks for the reply. I spend the entire day reading up and I saw that is how it's working. So I took away all other Policies. And then when that did not work, I uninstalled and re-installed the program, like I mentioned in my first post.
Please refer to my first post, where I have detailed exactly the ONLY steps I have taken. You will see I did not give access in any other policy, except the system policy, but on the Proxy Policy I did set it to Default Rights="are ignored", so it should still be blocked by the Proxy Policy.
Please read my first post, I explained it there.
Thanks for the quick reply
Regards
Dirk
Dirk Lombard
Senior Software Developer
Senior Software Developer
- Dirk L
- Posts: 5
- Joined: Mar 02 11 5:37 am
Re: Ban List not working
by adrien » Mar 02 11 10:16 am
Hi
Sorry, I didn't read your first post properly.
Are you certain the users are actually going through the WWW proxy? e.g. if you stop the WWW proxy does it stop working, or change the way activity is displayed in the activity screen? for instance if you installed the WinGate client on the client computer, and don't have the WWW proxy set to intercept connections, then the activity will show up as http requests, but not be going through the WWW proxy and not subject to WWW proxy policy.
Otherwise can you open a support ticket and send in your WinGate registry? Then we can have a look and see why it's not working. Jason can run through the things required to track down the issue. It's pretty much guaranteed to be some config issue.
http://support.qbik.com
Regards
Adrien
Sorry, I didn't read your first post properly.
Are you certain the users are actually going through the WWW proxy? e.g. if you stop the WWW proxy does it stop working, or change the way activity is displayed in the activity screen? for instance if you installed the WinGate client on the client computer, and don't have the WWW proxy set to intercept connections, then the activity will show up as http requests, but not be going through the WWW proxy and not subject to WWW proxy policy.
Otherwise can you open a support ticket and send in your WinGate registry? Then we can have a look and see why it's not working. Jason can run through the things required to track down the issue. It's pretty much guaranteed to be some config issue.
http://support.qbik.com
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: Ban List not working
by Dirk L » Mar 02 11 10:57 am
Ah, thanks for the reply, it think this might be the problem.
(I did type it in my first post, the one I lost somehow, about this, and then forgot to mention it again.... )
I'm not sure if it does go "through" the Proxy Service, but I don't know how to set this up, and could not find help on the web, or in the help files or on the forum, probably just didn't know what to search for. So I assumed this was done automatically, and that's why one have to specify port 80 on the Proxy Settings.
So, how do I set to Proxy to intercept the connections?
I'm not at the server anymore (It's night time this side of the globe...). Will look into this then tomorrow morning first ting, and if still no luck will then open a support ticket, thanks for that link.
Thanks again.
(I did type it in my first post, the one I lost somehow, about this, and then forgot to mention it again.... )
I'm not sure if it does go "through" the Proxy Service, but I don't know how to set this up, and could not find help on the web, or in the help files or on the forum, probably just didn't know what to search for. So I assumed this was done automatically, and that's why one have to specify port 80 on the Proxy Settings.
So, how do I set to Proxy to intercept the connections?
I'm not at the server anymore (It's night time this side of the globe...). Will look into this then tomorrow morning first ting, and if still no luck will then open a support ticket, thanks for that link.
Thanks again.
Dirk Lombard
Senior Software Developer
Senior Software Developer
- Dirk L
- Posts: 5
- Joined: Mar 02 11 5:37 am
Re: Ban List not working
by adrien » Mar 02 11 2:35 pm
Hi
edit the www proxy, select the sessions tab. Enable connection interception (transparent proxy), and make sure port 80 is showing in there.
Adrien
edit the www proxy, select the sessions tab. Enable connection interception (transparent proxy), and make sure port 80 is showing in there.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: Ban List not working
by Dirk L » Mar 03 11 1:26 am
Ok, this was the problem.
It's now intercepting the traffic on port 80 and blocking the sites I need blocked. On the Extended networking->Port Security it also show that port 80 is now redirected to the WWW Proxy. So that's fine.
BUT
All other sites now get the error:
wingate socket error "Connection to Remote Host timed out"
No site can connect now, the error occurs after about 3 to 5 seconds on any site.
Thanks
It's now intercepting the traffic on port 80 and blocking the sites I need blocked. On the Extended networking->Port Security it also show that port 80 is now redirected to the WWW Proxy. So that's fine.
BUT
All other sites now get the error:
wingate socket error "Connection to Remote Host timed out"
No site can connect now, the error occurs after about 3 to 5 seconds on any site.
Thanks
Dirk Lombard
Senior Software Developer
Senior Software Developer
- Dirk L
- Posts: 5
- Joined: Mar 02 11 5:37 am
Re: Ban List not working
by Dirk L » Mar 03 11 7:03 am
Hi, I solved it !!!!!!!!
Thanks for this excellent write up on adding wingate to a separate pc on a Domain:
viewtopic.php?f=12&t=40555&p=36141&hilit=domain+dns#p36141
After intercepting port 80 on the WWW Proxy I got the code 500 Socket Error. The problem was with the different settings on the 2 machines' DNS Settings (Wingate & Domain)
It's working now, you should make that post a sticky. Thanks for the write up logan.
Thanks
Cheers
Thanks for this excellent write up on adding wingate to a separate pc on a Domain:
viewtopic.php?f=12&t=40555&p=36141&hilit=domain+dns#p36141
After intercepting port 80 on the WWW Proxy I got the code 500 Socket Error. The problem was with the different settings on the 2 machines' DNS Settings (Wingate & Domain)
It's working now, you should make that post a sticky. Thanks for the write up logan.
Thanks
Cheers
Dirk Lombard
Senior Software Developer
Senior Software Developer
- Dirk L
- Posts: 5
- Joined: Mar 02 11 5:37 am
8 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 4 guests